KLA11459
Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, cause denial of service, gain privileges.

Below is a complete list of vulnerabilities:

1. A cross-site-scripting (XSS) vulnerability Azure DevOps Server and Team Foundation Server can be exploited remotely via specially crafted payload to spoof user interface.
2. A cross-site-scripting (XSS) vulnerability Azure DevOps Server can be exploited remotely via specially crafted payload to spoof user interface.
3. Unspecified Microsoft Azure can be exploited remotely to spoof user interface.
4. An information disclosure vulnerability in Open Enclave SDK can be exploited remotely to obtain sensitive information.
5. A denial of service vulnerability in ASP.NET Core can be exploited remotely via specially crafted requests to cause denial of service.
6. An elevation of privilege vulnerability in Azure DevOps Server can be exploited remotely via specially crafted request to gain privileges.
7. A spoofing vulnerability in Azure DevOps Server can be exploited remotely via specially crafted payload to spoof user interface.

Open Enclave SDK
Azure DevOps Server 2019
ASP.NET Core 2.2
Team Foundation Server 2018 Update 3.2
Team Foundation Server 2018 Update 1.2
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2015 Update 4.2

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)